It's hard to imagine someone thinking this up. The IPMI 2.0 Specification
introduced cryptography into IPMI. Perhaps someone thought... well,
cryptography is hard. So let's put in a way to completely sidestep not
only cryptography, but authentication as well. This is the essence
of cipher zero - it's really no cipher at all, or the un-cipher.
It does require IPMI is turned on, as well as a valid account that can
be authenticated to, you simply don't need the authentication. Vendors
always have a default account, however, so that makes things a bit easier.

So let's see, to belabor the obvious, to execute an IPMI command, you
can use good ol' bmc-config with the proper authentication:

Note you have to explicitly say you want version 2 (e.g. lanplus, in this case),
as well as cipher zero ("-C 0".)

Still unimpressed, I know. Well, onwards. Let's create an IPMI account,
give it a password, administrator rights, and enable it. I'll use both
ipmitool and bmc-config; the former is great for illustrating settings,
while the latter is very simple to understand the output.

Since IPMI administrative access grants you god powers on the server,
it's a bit problematic that it's so easy to get admin rights.

I believe that IBM, as of the M2/Nehalem generation, has essentially
abolished cipher zero through the efforts of Jarred B Johnson (kudos
to both!) Dell told me that it was no longer on by default in the most
recent version of iDRAC. I'm not sure who else still has this going on -
but you might check your own boxes. Drop me a line if you hear your
vendor has this on or off by default.

Disclaimer

Various versions of the IPMI utilities - including bmc-config - do not
work correctly with cipher 0 and will fail; this misled me early on in
testing my own boxes. The latest version of freeipmi seems to work on
all the ones I've tested, at least; make sure you have downloaded the
latest copy and try this to verify good ol' cipher 0 is still around.
Most commands say they support cipher zero, but ensure you have the
latest version, because bugs abound out there in the tools and/or in
the BMCs. Here's a couple of more ways to see if this is enabled:

Ipmiutil has a nice printing of the results - anything in the RMCP+
line (in red below) looks zero-ish is bad :) Cipher Privs refers to the
maximum privilege the account can have using a given cipher suite.